Subject: Re: Volunteers to test some kernel code...
To: Michael Graff <explorer@flame.org>
From: Simon J. Gerraty <sjg@quick.com.au>
List: tech-kern
Date: 06/15/1999 12:15:19
> > running binary?  If the answer to either is not provably "yes", then
> > in the presence of demand paging, you'd really need to compute 
> > (and re-compute) the hash of each page as (and whenever) you paged it in,
> > otherwise how do you know that your cached hash is still valid?
> 
> How about the additional requirement that hashed binaries are
> immutable?

I deleted the following from my original post, but I guess it's worth
asking: If the answer is immutable files then what's the benefit of
the dynamic tripwire?

Given that at the end of the day you need to trust that immutable
files etc. actually work, you can really skip the dynamic hashing
altogether.

That is, something like: storing the signatures in the fs as Michael
suggested (room in the inode?) and clear them whenever the file is
written to.  Then the noexec-unsigned* check could simply check for
the presence of the signature.  Of course you need to ensure that the
signature can only be set in single-user mode.

And of course all that boils down to only allowing chmod +x in single
user mode :-)

--sjg
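
The scheme sketched in the message above, as an added toy model in C that is not part of the original post and is not NetBSD code: a signature slot per inode that any write clears, an exec check that only tests for the signature's presence, and signing restricted to single-user mode. All type, field and function names are hypothetical, and the signature bytes are a constructed sample.

```c
#include <errno.h>
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Toy model only: all names are hypothetical, none are NetBSD interfaces. */
enum { SIG_LEN = 20 };
struct toy_inode {
    unsigned char sig[SIG_LEN]; /* signature slot kept with the inode */
    bool has_sig;
};
struct toy_system {
    bool single_user;     /* stand-in for single-user mode */
    bool noexec_unsigned; /* policy: refuse to exec unsigned files */
};

/* A signature can only be installed in single-user mode. */
int toy_set_sig(const struct toy_system *sys, struct toy_inode *ip, const unsigned char *sig)
{
    if (!sys->single_user)
        return EPERM;
    memcpy(ip->sig, sig, SIG_LEN);
    ip->has_sig = true;
    return 0;
}

/* Every write clears the signature, whatever mode the system is in. */
void toy_write(struct toy_inode *ip)
{
    memset(ip, 0, sizeof(*ip)); /* drops the sig bytes and has_sig together */
}

/* Exec-time check: presence of a signature only, no hashing. */
int toy_exec_check(const struct toy_system *sys, const struct toy_inode *ip)
{
    return (sys->noexec_unsigned && !ip->has_sig) ? EACCES : 0;
}

int main(void)
{
    struct toy_system sys = { .single_user = true, .noexec_unsigned = true };
    struct toy_inode ino = { .has_sig = false };
    unsigned char sig[SIG_LEN] = { 0xAB };   /* constructed sample value */
    toy_set_sig(&sys, &ino, sig);            /* signed while single-user */
    sys.single_user = false;                 /* system goes multi-user */
    printf("exec signed file: %d\n", toy_exec_check(&sys, &ino));
    toy_write(&ino);                         /* modification drops the signature */
    printf("exec after write: %d\n", toy_exec_check(&sys, &ino));
    return 0;
}
```

The model has a single write path; the scheme depends on every path that can modify file contents clearing the signature, which is the same trust in the filesystem mechanisms the message refers to.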